Looking more closely at how etcd is getting configured:
# cat /proc/$(pidof etcd)/cmdline | xargs -0 | tr ' ' '\n' | grep url
--listen-client-urls=https://127.0.0.1:2379
--advertise-client-urls=https://127.0.0.1:2379
--initial-advertise-peer-urls=https://1.2.3.4:2380
--listen-peer-urls=https://1.2.3.4:2380
where 1.2.3.4 is my tailscale address for the machine.
To me this looks like how it is supposed to be configured based on the fact that I specified privateInterface: tailscale0 in the host config.
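A check an operator can script from the same /proc/PID/cmdline inspection, added here as an example (not code from the thread or from k0s): it parses the --listen-*-urls flags and fails if etcd listens on anything other than loopback or the expected tailscale address. The cmdline file path and the expected address are assumed arguments; the sample cmdline is constructed.

```shell
#!/bin/sh
# Added example, not from the k0s thread: check that etcd's --listen-*-urls
# flags (read from a NUL-separated /proc/PID/cmdline) bind only to loopback or
# to the expected private (tailscale0) address, never to 0.0.0.0 or a public IP.
# Assumptions: the file path and the expected address are passed as arguments.

# Print "flag host" pairs for every --listen-(client|peer)-urls flag.
etcd_listen_hosts() {
  # $1: cmdline-format file (NUL-separated arguments)
  tr '\0' '\n' < "$1" \
    | grep -E '^--listen-(client|peer)-urls=' \
    | while IFS='=' read -r flag urls; do
        # a flag may carry a comma-separated list of URLs
        printf '%s\n' "$urls" | tr ',' '\n' | while read -r u; do
          host=${u#*://}    # drop scheme
          host=${host%%/*}  # drop any path
          host=${host%:*}   # drop port (keeps [::]-style IPv6 literals)
          printf '%s %s\n' "$flag" "$host"
        done
      done
}

# Return 0 when every listen URL binds to loopback or to the expected private
# address ($2); otherwise warn per offending flag and return 1.
etcd_bound_to_private() {
  bad=0
  while read -r flag host; do
    [ -n "$host" ] || continue
    case "$host" in
      127.0.0.1|localhost|"$2") ;;
      *) echo "WARN: $flag binds to $host (expected $2)" >&2; bad=1 ;;
    esac
  done <<EOF
$(etcd_listen_hosts "$1")
EOF
  return "$bad"
}

# Constructed sample mirroring the flags in the thread, with 1.2.3.4 standing
# in for the tailscale address, written NUL-separated like /proc/PID/cmdline.
make_sample_cmdline() {
  printf '%s\0' etcd \
    --listen-client-urls=https://127.0.0.1:2379 \
    --advertise-client-urls=https://127.0.0.1:2379 \
    --initial-advertise-peer-urls=https://1.2.3.4:2380 \
    --listen-peer-urls=https://1.2.3.4:2380 > "$1"
}
```

On a live controller, run `etcd_bound_to_private /proc/$(pidof etcd)/cmdline <tailscale-ip>`; a non-zero exit with a WARN line means a peer or client endpoint is reachable beyond the private interface.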
Are tailscale IPs static?
Yes, according to the docs:
Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or a server).
I did a quick try with tailscale-enabled boxes:
apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 1.2.3.4 # VM in public cloud
      user: root
    role: controller
    privateInterface: tailscale0
  - ssh:
      address: 192.168.205.4 # machine running on Multipass VM
      user: ubuntu
    role: worker
    privateInterface: tailscale0
In this case both k0s and k0sctl seem to properly detect tailscale addresses and connect the worker to controller (kube-api) via tailscale network:
# k0s kc get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k0s-tailscale-wrkr-1 Ready <none> 12m v1.26.0+k0s 100.114.56.31 <none> Ubuntu 22.04.1 LTS 5.15.0-57-generic containerd://1.6.15
@sjdrc Could you share your current k0sctl.yaml config?
Add possibility to inject custom telemetry attributes via ConfigMap
This allows us to add certain "pre-defined" data e.g. from Lens Desktop use case so that we can better identify these uses of k0s in telemetry data.
Signed-off-by: Jussi Nummelin jnummelin@mirantis.com
Merge pull request #2647 from jnummelin/custom-telemetry-attributes
Add possibility to inject custom telemetry attributes via ConfigMap
Signed-off-by: Jussi Nummelin jnummelin@mirantis.com
This allows us to add certain "pre-defined" data e.g. from Lens Desktop use case so that we can better identify these uses of k0s in telemetry data.
So essentially, if a ConfigMap kube-system/k0s-telemetry exists, we will include all KV pairs to telemetry data.
Vulnerability fixes and security scanning
Merge pull request #3 from makhov/vuln-fix-and-trivy-scanning
OS vulnerability fixes and security scanning
This PR fixes only OS vulnerabilities and doesn't cover binary ones since we currently download them as is. We may consider updating CNI plugins to the new v1.2.0 version.
Before:
quay.io/k0sproject/cni-node:1.1.1-k0s.0 (alpine 3.15.4)
=======================================================
Total: 34 (UNKNOWN: 0, LOW: 2, MEDIUM: 10, HIGH: 15, CRITICAL: 7)
┌───────────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ curl │ CVE-2022-32207 │ CRITICAL │ 7.80.0-r1 │ 7.80.0-r2 │ curl: Unpreserved file permissions │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32207 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32221 │ │ │ 7.80.0-r4 │ curl: POST following PUT confusion │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32221 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-42915 │ │ │ │ curl: HTTP proxy double-free │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42915 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27780 │ HIGH │ │ 7.80.0-r2 │ curl: percent-encoded path separator in URL host │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27780 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27781 │ │ │ │ curl: CERTINFO never-ending busy-loop │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27781 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27782 │ │ │ │ curl: TLS and SSH connection too eager reuse │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27782 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-42916 │ │ │ 7.80.0-r4 │ curl: HSTS bypass via IDN │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42916 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-43551 │ │ │ 7.80.0-r5 │ curl: HSTS bypass via IDN │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-43551 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32205 │ MEDIUM │ │ 7.80.0-r2 │ curl: Set-Cookie denial of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32205 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32206 │ │ │ │ curl: HTTP compression denial of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32206 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32208 │ │ │ │ curl: FTP-KRB bad message verification │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32208 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-43552 │ │ │ 7.80.0-r5 │ curl: Use-after-free triggered by an HTTP proxy deny │
│ │ │ │ │ │ response │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-43552 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-35252 │ LOW │ │ 7.80.0-r3 │ curl: Incorrect handling of control code characters in │
│ │ │ │ │ │ cookies │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-35252 │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ libcrypto1.1 │ CVE-2022-2097 │ MEDIUM │ 1.1.1o-r0 │ 1.1.1q-r0 │ openssl: AES OCB fails to encrypt some bytes │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ libcurl │ CVE-2022-32207 │ CRITICAL │ 7.80.0-r1 │ 7.80.0-r2 │ curl: Unpreserved file permissions │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32207 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32221 │ │ │ 7.80.0-r4 │ curl: POST following PUT confusion │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32221 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-42915 │ │ │ │ curl: HTTP proxy double-free │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42915 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27780 │ HIGH │ │ 7.80.0-r2 │ curl: percent-encoded path separator in URL host │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27780 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27781 │ │ │ │ curl: CERTINFO never-ending busy-loop │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27781 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-27782 │ │ │ │ curl: TLS and SSH connection too eager reuse │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27782 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-42916 │ │ │ 7.80.0-r4 │ curl: HSTS bypass via IDN │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42916 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-43551 │ │ │ 7.80.0-r5 │ curl: HSTS bypass via IDN │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-43551 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32205 │ MEDIUM │ │ 7.80.0-r2 │ curl: Set-Cookie denial of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32205 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32206 │ │ │ │ curl: HTTP compression denial of service │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32206 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-32208 │ │ │ │ curl: FTP-KRB bad message verification │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32208 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-43552 │ │ │ 7.80.0-r5 │ curl: Use-after-free triggered by an HTTP proxy deny │
│ │ │ │ │ │ response │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-43552 │
│ ├────────────────┼──────────┤ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-35252 │ LOW │ │ 7.80.0-r3 │ curl: Incorrect handling of control code characters in │
│ │ │ │ │ │ cookies │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-35252 │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ libssl1.1 │ CVE-2022-2097 │ MEDIUM │ 1.1.1o-r0 │ 1.1.1q-r0 │ openssl: AES OCB fails to encrypt some bytes │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ libxml2 │ CVE-2022-2309 │ HIGH │ 2.9.14-r0 │ 2.9.14-r1 │ lxml: NULL Pointer Dereference in lxml │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2309 │
│ ├────────────────┤ │ ├──────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-40303 │ │ │ 2.9.14-r2 │ libxml2: integer overflows with XML_PARSE_HUGE │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-40303 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2022-40304 │ │ │ │ libxml2: dict corruption caused by entity reference cycles │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-40304 │
├───────────────────────┼────────────────┤ ├───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ ncurses-libs │ CVE-2022-29458 │ │ 6.3_p20211120-r0 │ 6.3_p20211120-r1 │ ncurses: segfaulting OOB read │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
├───────────────────────┤ │ │ │ │ │
│ ncurses-terminfo-base │ │ │ │ │ │
│ │ │ │ │ │ │
├───────────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: heap-based buffer over-read and overflow in inflate() │
│ │ │ │ │ │ in inflate.c via a... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└───────────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴─────────────────────────────────────────────────────────────┘
After:
cni-node (alpine 3.17.1)
===================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Does this communication between the worker and the controller occur on port 8132?
Yes, a worker opens a connection to the controller node on port 8132. The controller (kube-api mostly) then uses that connection when it needs to connect to kubelet (logs, exec etc.) and other node resources.
Bump google.golang.org/grpc from 1.52.0 to 1.52.1
Bumps google.golang.org/grpc from 1.52.0 to 1.52.1.
updated-dependencies:
Signed-off-by: dependabot[bot] support@github.com
Merge pull request #2640 from k0sproject/dependabot/go_modules/google.golang.org/grpc-1.52.1
Bump google.golang.org/grpc from 1.52.0 to 1.52.1
Bumps google.golang.org/grpc from 1.52.0 to 1.52.1.